search for: security_hardening

Displaying 7 results from an estimated 7 matches for "security_hardening".

2019 Oct 12
2
easy way to stop old ssl's
...replace the existing config file instead. Instead of configuring every application separately it would be nice if "accepted levels of security" could be set system wide. With 8 it seems there is such a thing https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening Although I believe that FIPS mode is also available in 7 I have used neither system wide cryptographic policies nor FIPS mode so my post is more the theoretical one, but I thought it is on topic. -- Kind Regards, Markus Falb
2019 Oct 12
0
easy way to stop old ssl's
...ould be bothered to think through all of the use cases, combinations, and implications. Who is that central organization? Are you sure their notions match your own? > With 8 it seems there is such a thing > > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening > > Although I believe that FIPS mode is also available in 7 That's FIPS 140-2, a standard from 2001, which is three TLS standards ago. FIPS 140-3 just barely became effective a few weeks ago, which means it won't be considere...
2024 Jan 25
2
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
Hi, I am running the below servers on Red Hat Enterprise Linux release 8.7 (Ootpa). The details are as follows. # rpm -qa | grep openssh openssh-8.0p1-16.el8.x86_64 openssh-askpass-8.0p1-16.el8.x86_64 openssh-server-8.0p1-16.el8.x86_64 openssh-clients-8.0p1-16.el8.x86_64 # cat /etc/redhat-release Red Hat Enterprise Linux release 8.7 (Ootpa) # How do I enable strong KexAlgorithms, Ciphers and
2019 Oct 11
4
easy way to stop old ssl's
Hi all, When CentOS 7 was created things like SSLv2 TLSv1 TLSv1.1 etc... were all OK, but now they have fallen out of favor for various reasons. Updating to CentOS 7.7 does not automatically disable these types of items from apache - is there a script that is available that can be run to bring a box up to current "accepted" levels? Or is that an edit by hand, do it yourself on all your
2019 Oct 15
1
easy way to stop old ssl's
...read. Who defines what is old? What about best practices like disable SSLv3 or TLSv1? Could the authority be the community or some common knowledge? > >> With 8 it seems there is such a thing >> >> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening >> >> Although I believe that FIPS mode is also available in 7 > > That's FIPS 140-2, a standard from 2001, which is three TLS standards ago. If I look at the comparison table from the link above FIPS mode does not...
2024 Jan 26
1
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
...o policies" modifying sshd's behaviour, and it would likely be the *preferred* method to inject your intended config changes *there* (unless they happen to already be part of an existing policy, like FUTURE). https://access.redhat.com/documentation/de-de/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening Kind regards, -- Jochen Bern Systemingenieur Binect GmbH
2024 Jan 27
2
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
...fying sshd's behaviour, and it would likely be the *preferred* > method to inject your intended config changes *there* (unless they > happen to already be part of an existing policy, like FUTURE). > > > https://access.redhat.com/documentation/de-de/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening > > Kind regards, > -- > Jochen Bern > Systemingenieur > > Binect GmbH > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists...